By: Alejandro Calderon user 26 Mar 2019 at 8:27 p.m. CDT

4 Responses
I did what these steps tell you to do to request email instead of username, as shown in this tutorial: https://gluu.org/docs/ce/operation/faq/#request-email-instead-of-username-for-login but I made a mistake: I wrote *email* for "Primary key" and "Local primary key" instead of *mail*, and that error made it impossible to log in again. Is there any other possibility to fix this error but via ftp or something like that?

By Michael Schwartz staff 26 Mar 2019 at 8:38 p.m. CDT

You'll need to change it in LDAP. Note: write LDAP password to ~/.pw and remove it after you run these ldap CLI operations...

```
# cd /opt/opendj/bin
# ./ldapsearch -h localhost -p 1636 -D "Cn=directory manager" -Z -X -j ~/.pw -b 'ou=appliances,o=gluu' "oxIDPAuthentication=*" oxIDPAuthentication
```

The tricky thing is that this value needs to be base64 encoded. Make an ldif file called `myLDIF.ldif`

```
dn: inum=@!F565.9292.7A0D.6B31!0002!8D3B.B9DC,ou=appliances,o=gluu
changetype: modify
replace: oxIDPAuthentication
oxIDPAuthentication:: (base64 encoded value)
```

Note the two colons in the ldif... this signals to the ldap server that the value is base64 encoded. Then run your ldapmodify command:

```
# ./ldapmodify -h localhost -p 1636 -D "cn=directory manager" -Z -X -j ~/.pw -f myLDIF.ldif
```

By Aliaksandr Samuseu staff 27 Mar 2019 at 10:25 a.m. CDT

Hi, Alejandro. Michael's steps are correct, just a small note here: from what I see in my test instance, `oxIDPAuthentication` doesn't contain a base64-encoded value, but a cleartext JSON object instead. So if it won't work with base64 for some reason, you should try cleartext as well. I think the actual format may depend on the package's version.
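The two replies above differ on whether the attribute comes back as `attr:: base64` or `attr: cleartext`; in LDIF (RFC 2849) the double colon is only a file-level encoding, and the directory stores the decoded bytes. The following sketch is an added example, not part of the thread or of Gluu's tooling: it reads either form, applies a fix and emits a modify LDIF. The function names, the DN and the JSON are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). The DN and JSON used here are constructed.

# Join RFC 2849 folded lines: a line starting with one space continues the previous one.
ldif_unfold() {
  awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
       NR > 1        { print buf }
                     { buf = $0 }
       END           { if (NR) print buf }'
}

# Print the value of one unfolded "attr: text" or "attr:: base64" line.
ldif_value() {
  local rest
  rest="${1#*:}"                          # drop the attribute name and the first colon
  if [ "${rest#:}" != "$rest" ]; then     # a second colon follows: value is base64
    rest="${rest#:}"
    printf '%s' "${rest# }" | base64 -d
  else                                    # single colon: value is cleartext
    printf '%s' "${rest# }"
  fi
}

# Emit a modify LDIF that replaces ATTR on DN with VALUE, always base64-encoded.
ldif_replace() {
  local dn attr value
  dn="$1"; attr="$2"; value="$3"
  printf 'dn: %s\nchangetype: modify\nreplace: %s\n%s:: %s\n' \
    "$dn" "$attr" "$attr" "$(printf '%s' "$value" | base64 | tr -d '\n')"
}

# Constructed demo: unfold a wrapped search result, fix the typo, re-encode.
demo() {
  local line fixed
  line=$(printf 'oxIDPAuthentication:: eyJzYW1wbGVLZXki\n OiJlbWFpbCJ9\n' | ldif_unfold)
  fixed=$(ldif_value "$line" | sed 's/"email"/"mail"/')
  ldif_replace 'inum=EXAMPLE,ou=appliances,o=gluu' oxIDPAuthentication "$fixed"
}

demo
```

Decode the generated `::` line with `ldif_value` and read it before passing the file to `ldapmodify`, so the change going in is exactly the one intended.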

By Alejandro Calderon user 27 Mar 2019 at 12:50 p.m. CDT

When I run this command: `# ./ldapsearch -h localhost -p 1636 -D "Cn=directory manager" -Z -X -j ~/.pw -b 'ou=appliances,o=gluu' "oxIDPAuthentication=*" oxIDPAuthentication` It returns this error:

```
root@ip-172-31-14-154:/opt/opendj/bin# ./ldapsearch -h localhost -p 1636 -D "Cn=directory manager" -Z -X -j ~/.pw -b 'ou=appliances,o=gluu' "oxIDPAuthentication=*" oxIDPAuthentication
An error occurred while parsing the command-line arguments: The provided value "/root/.pw" for argument -j is not acceptable: The file /root/.pw specified for argument bindPasswordFile does not exist
See "ldapsearch --help" to get more usage help
```

By Aliaksandr Samuseu staff 27 Mar 2019 at 1:04 p.m. CDT

You need to put your LDAP admin password (same as default web UI admin password) in `/root/.pw` first. You can check the `ldapsearch` / `ldapmodify` docs in case of any trouble selecting the proper arguments.